This made me put "sign up on gun.io" on my to-do list. Very cool talk, very sympathetic guy (+1 for rapid-fire info, +10 for making a stand for hacker aesthetics and fun in hacking)
So, if IAM is the keys to the city for Lambda, how can I be sure I'm using IAM correctly on AWS (Since AWS documentation is not great). Any suggestions? (asking for a friend...)
(Presenter here) - My opinion is that there is no magic bullet here. There are some 3rd-party tools that can help to audit your IAM usage for large organizations, but I think manual review is necessary. I think Amazon is also starting to roll out some of their own tools. There are some general best practices you can implement - keep production on a different _account_, don't allow the use of '*' anywhere, things like that.
After the talk, I spoke to a nice Dutch man who told me the way they handled it at their company was to randomly turn off an overly broad permission and see who came to complain!
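As an added illustration of the "don't allow the use of '*' anywhere" rule above (this is not code from the talk, the presenter, or gun.io), a small Python check that scans an IAM policy document for Allow statements whose Action or Resource contains a wildcard, and also flags NotAction/NotResource in an Allow, which is at least as broad. The sample policies are constructed for the example.

```python
import json

# Constructed sample policies (not from the talk). The second one breaks the
# "no '*' anywhere" rule in both Action and Resource.
SAMPLE_POLICIES = {
    "lambda-reads-one-table": json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:Query"],
            "Resource": "arn:aws:dynamodb:us-east-1:111122223333:table/Orders",
        }],
    }),
    "too-broad": json.dumps({
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
            {"Effect": "Deny", "Action": "*", "Resource": "*"},
        ],
    }),
}

def _as_list(value):
    """IAM accepts a single string or a list for Action/Resource fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def find_wildcards(policy_json):
    """List (statement index, field, value) for every Allow statement whose
    Action or Resource contains '*'. Deny statements are skipped: a wildcard
    there narrows access rather than widening it."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for field in ("Action", "Resource"):
            for entry in _as_list(stmt.get(field)):
                if "*" in entry:
                    findings.append((idx, field, entry))
        # NotAction/NotResource inside an Allow grant everything except the
        # listed items, which is at least as broad as an explicit wildcard.
        for field in ("NotAction", "NotResource"):
            if field in stmt:
                findings.append((idx, field, "negated list in Allow"))
    return findings

def audit(policies):
    """Map policy name -> findings; an empty list means the policy is clean."""
    return {name: find_wildcards(body) for name, body in policies.items()}
```

Running `audit(SAMPLE_POLICIES)` reports the tight Lambda policy as clean and lists both wildcards in the broad one; the Deny statement is ignored on purpose.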